The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
CPO Magazine

Megalodon Supply Chain Attack Infects Over 5,500 GitHub Repositories with Backdoors and Stealers

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
Cryptopolitan on MSN

Binance founder warns developers to rotate API keys after GitHub internal repository exposure

Binance CZ urges developers to rotate API keys following the exposure of a GitHub internal repository.

This AI-coded malware apparently leaked its own GitHub private token

Whoopsie.
InfoWorld

OpenAI offers API for GitHub Copilot AI model

Available through the OpenAI API in a private beta, Codex can translate natural language into code in upwards of a dozen programming language. OpenAI, the artificial intelligence research and ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
BeInCrypto

Changpeng Zhao Warns Crypto Devs to Rotate API Keys After GitHub Hack

GitHub says a poisoned VS Code extension exposed 3,800 internal repos as Binance founder CZ tells crypto devs to rotate keys.
SecurityWeek

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.